At 40Gbps, the FortiGate-5001B security blade for the FortiGate-5000 chassis far outruns Fortinet's current highest-performance security blade that maxes out at 8Gbps, according to Dan Frey, product marketing manager. "This is aimed at the large enterprise, the carrier, the service provider, those with a multi-tenant network," Frey notes. The chassis can support up to 132 million concurrent sessions per second.

The application control feature in the FortiGate-5001B blade is intended to allow organizations to set identity-based application-level controls for 1,300 applications, including ones that often get a lot of attention due to security risks, such as peer-to-peer applications, instant messaging and Facebook, says Patrick Bedwell, vice president of product marketing.

"These are custom controls," Bedwell says, noting the 5001B blade can make use of Windows Active Directory information to help establish identity-based application controls that might allow Facebook chat, for example, but not attachment of files. Organizations can also specify application-specific timeframe limitations and bandwidth controls.

The FortiGate-5001B security blade falls into the general definition of what's called a Next Generation Firewall (NGFW), the term favored by the Gartner consultancy to describe enterprise firewalls that closely combine firewall/VPN and intrusion-prevention in one unit, with additional security capabilities such as application-based controls and filtering.

Vendors including McAfee, Cisco, Check Point, Palo Alto Networks and Juniper are also jostling to win a place in the evolving NGFW race, and IPS vendor Sourcefire recently announced it will have an NGFW by mid-2011. According to Gartner, less than 1% of firewall interconnections today conform to the definition of NGFW, but there's the belief that NGFW will grow to about 35% of the firewall market by 2014.